 From:  gramels <gramels at gmail dot com>
 To:  Gordon Day <gordon at deepcovelabs dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Strongly desired audit feature
 Date:  Sun, 26 Jun 2005 11:44:34 +0200
for that reason I requested that config.xml files are timestamped,
which is the case now
*just save the config.xml after every change
*wrap this in a process based policy for the employees
*here is your audit trail

*in addition to that you can see in the log file (which can be written
to an external log server) at what time the filter was reset

the xml file is quite easy to read, especially the rule base

I would accept this (being a certified IT auditor...) during an audit.

But I fully agree, an automated audit trail would be nice and move
m0n0 much more in the direction of a professionally managed firewall.

On 6/23/05, Gordon Day <gordon at deepcovelabs dot com> wrote:
> Hello all, I'd like to suggest something for m0n0wall that is in the
> category of a core firewall feature.  It is a requirement for a number
> of different external security audits that there be an audit trail for
> any changes made to a firewall. Beyond being a common external audit
> requirement, it would be a great aid for those of us with complex rule
> sets to see what we changed and when we changed it.
> A case in point occurred yesterday when I made a number of "innocent"
> changes which resulted in a periodically critical service to partially
> fail a day later. Discovering which of the 4 changes caused the problem
> was a fair headache as I hadn't written down my actions as I performed
> them.  Tracking the changes is something that the GUI could do quite
> easily but is a pain to do manually and easy to forget.
> Cheers,
> Gordon.
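
The manual audit trail described in this thread (a saved, timestamped config.xml after every change) can be turned into a readable change record by diffing two saved snapshots. This is an added example, not part of the original messages and not m0n0wall code; the sample snapshots are constructed, and the element names `<lastchange>` and `<filter>/<rule>` are assumptions about the config.xml layout.

```python
import difflib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed snapshots. Element names (<lastchange>, <filter>/<rule>) are assumptions.
RULE_WEB = ("<rule><type>pass</type><interface>lan</interface><source><network>lan</network>"
            "</source><destination><any/><port>80</port></destination></rule>")
RULE_SMTP = ("<rule><type>pass</type><interface>wan</interface><source><any/></source>"
             "<destination><address>192.0.2.10</address><port>{port}</port></destination></rule>")
RULE_BLOCK = "<rule><type>block</type><interface>lan</interface><source><any/></source></rule>"
DOC = "<m0n0wall><lastchange>{ts}</lastchange><filter>{rules}</filter></m0n0wall>"
OLD = DOC.format(ts=1119600000, rules=RULE_WEB + RULE_SMTP.format(port=25))
NEW = DOC.format(ts=1119686400, rules=RULE_WEB + RULE_SMTP.format(port=587) + RULE_BLOCK)

def flatten(elem, prefix=""):
    """Yield 'path=value' for each leaf so one rule becomes one comparable line."""
    for child in elem:
        path = prefix + child.tag
        if len(child):
            yield from flatten(child, path + "/")
        else:
            text = (child.text or "").strip()
            yield f"{path}={text}" if text else path

def snapshot(xml_text):
    """Return (UTC time of last change, ordered list of flattened filter rules)."""
    root = ET.fromstring(xml_text)
    stamp = (root.findtext("lastchange") or "").strip()
    when = (datetime.fromtimestamp(int(stamp), tz=timezone.utc).isoformat()
            if stamp.isdigit() else "unknown")
    return when, [" ".join(flatten(r)) for r in root.findall("./filter/rule")]

def audit(old_xml, new_xml):
    """Order-aware diff of two snapshots: rule position matters in a filter."""
    old_when, old_rules = snapshot(old_xml)
    new_when, new_rules = snapshot(new_xml)
    entries = []
    matcher = difflib.SequenceMatcher(a=old_rules, b=new_rules, autojunk=False)
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op in ("delete", "replace"):
            entries += [("removed", i + 1, old_rules[i]) for i in range(i1, i2)]
        if op in ("insert", "replace"):
            entries += [("added", j + 1, new_rules[j]) for j in range(j1, j2)]
    return old_when, new_when, entries

if __name__ == "__main__":
    before, after, changes = audit(OLD, NEW)
    print(f"config changed between {before} and {after}")
    for action, position, rule in changes:
        print(f"{action:8} rule #{position}: {rule}")
```

A modified rule shows up as a removed/added pair at the same position, and the snapshots should be stored somewhere the firewall administrators cannot rewrite if the record is to serve as audit evidence.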